Re: [DNSOP] New draft on delegation revalidation

"Giovane C. M. Moura" <giovane.moura@sidn.nl> Thu, 30 April 2020 10:33 UTC

Return-Path: <giovane.moura@sidn.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FEE43A0867 for <dnsop@ietfa.amsl.com>; Thu, 30 Apr 2020 03:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MISSING_HEADERS=1.021, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sidn.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jTxqsGzE-1i9 for <dnsop@ietfa.amsl.com>; Thu, 30 Apr 2020 03:33:42 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60069.outbound.protection.outlook.com [40.107.6.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5FEB3A0864 for <DNSOP@ietf.org>; Thu, 30 Apr 2020 03:33:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ce3mQvXlobIpHISSDFbtMeopwZUQ1cF6Iruf/kx/5ESeV/hhDlRHpBXcAqgI2eB2lfjoNEU15K8zZm87v+DWZKySNWJ20TK+I6cAs3EdF/EcYQ2PxyjzmF4Gz2dPgedMCaJs1pt2BpJU00syFDl9T03Thh27Tanmjwk66L1tS1pG3uWeNSXYzlQmScOWjX9LB1Mel3ptcJ6CBM7Due6Dl8risdh2e49cvxwRiuQ6HQ3DXZx/TrSH3KB2Ao3sAzGIjYK7goaDhZ4IuQ2OS8Ac0H4sZi8ywyrxdO3jWVrziJ5komHJWmZ90Fa8A8qoMxInvTCyjBsdk43M1vM8hoTxkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9w1nAcdjmLYMCO8RBZDBWwjpDnflT9j/FzaabGE1JBo=; b=NEHzEXleXLmqrA5DjVrgmVOqPOI+5anapfVh5IY6v7C/M5O7Zw4GaCWKOd3WaZAt/Cp0QvU32MNTZKfL+LwX5C2yl3YRX/cjvOsa3RQlHpfA+Dw5/M8UQe3zBDzcIxcinFGVgOrJ/nzqeb7g4o4VS7UIhqKM1+ZykE2jq5/CnpuI5JUHrP75m/JrqNUAqQKP99uoI/aub9sJMq30CbccCvXO+TpIbTtkD3sRzI9H91RlJBnXrIR5CtThWBGNbUE1E9Ed4MBmfOrcuFPXvvhCV7MTkNW61P+ZJjvftnGm+jyYAS+mpRgQniH9PQKy6Q7p6HvR7vF51Npkko6strc+iQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sidn.nl; dmarc=pass action=none header.from=sidn.nl; dkim=pass header.d=sidn.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sidn.nl; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9w1nAcdjmLYMCO8RBZDBWwjpDnflT9j/FzaabGE1JBo=; b=Ij1RwNkzvCSGKLFItu0P64p/HclfSZnOw+cq7n0swY5zs/crVXVaioUSES40nvbh9Fnz7B2n+lhBmKZpHPtEvPY4RhbgoQ5SEQ5HSdFsysh2IqcpvbFR2loB3AbrH2GIIWBdYg3hwfpNM85yQkWOkIQUsqi4DDMUFR7xqsTTlcE=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=sidn.nl;
Received: from AM0P194MB0257.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:61::31) by AM0P194MB0275.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:5a::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.22; Thu, 30 Apr 2020 10:33:39 +0000
Received: from AM0P194MB0257.EURP194.PROD.OUTLOOK.COM ([fe80::40dc:96f0:d873:6848]) by AM0P194MB0257.EURP194.PROD.OUTLOOK.COM ([fe80::40dc:96f0:d873:6848%6]) with mapi id 15.20.2958.020; Thu, 30 Apr 2020 10:33:39 +0000
Cc: IETF DNSOP WG <DNSOP@ietf.org>
References: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com> <4feca627-79d6-374e-402d-f50d49e03469@sidn.nl> <CAHPuVdVkTbV6o5sVCZzOcE4y0yEFUa3rmtcsWooxQK0nO_eMvw@mail.gmail.com> <058d760a-7400-e407-4d12-c744d949538e@sidn.nl> <CAHPuVdWR6MTsWK0xBBnRj3JkgncORUWptt=VYZW+R-cDO4G1ig@mail.gmail.com>
From: "Giovane C. M. Moura" <giovane.moura@sidn.nl>
Autocrypt: addr=giovane.moura@sidn.nl; keydata= mQINBF14qwEBEAC7A6IGvwbFinLND4AFjFycPiM5Y3qudODE0kiYBPy5d4NIT4uAthSm2FPp 3kUNxMtlZI5NR0Ie/kI2NLdpS6MLpkKtO30D2GIQjaQ58emUnWAxkH94RDB5cJ69mmVxIUnv cpZEOrCvBcJU3SIhnXTfga8AFEct5Sb6XRYy8kblGXcH/6W1XTckcb4g/SejszC2oiiV3cZH HS3UCJvMfY1/6ojq6Cot6jgs/3M56PZI9odsYATu84JNaKqFv1rbD1lf7hYOM5sri6OqrPad qBOCT5DWbdxHvi6JzLNhuxxag/BtJPfLxMFDm+C6P0FKSjY78EzY6Ne2MKlLSDGQWyAHXZae X9RO/0t64LEWBLXmVS1KtIAPt0TgGodhr5d7jXP2maFmgO2+rWhGBBEeC9y9oRRJuBGFzl8w 0wMp1RDNipomtjWPZIIsuWiNKAF/iaPcTr6ZjaNOhnX+Kuqh3X7rr546RYtDDCVWVDpLKZmn 1scrRGKnhvPQsBiuICp5Up6sHNxh30c0n2PJeUZYlhLiZTuzG3rUSg7TLx7d39V4/XyjNr1p ordddIzM2zcGCNP0IgyjdMzjFljL01liMhENXmSagwDLQsOuExcZfawWviPEB2Rzz39obuxi L08RPrtnptcjkx0n6JFtkQUBOLGodtWWLs9cVF4Lic7aJswg6wARAQABtCtHaW92YW5lIEMu IE0uIE1vdXJhIDxnaW92YW5lLm1vdXJhQHNpZG4ubmw+iQJOBBMBCAA4FiEEkUlxD1iA/bYW 8LYoeMuqlaSXxY4FAl14qwECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQeMuqlaSX xY7A/w/9FSp5N5rGcWe9bK8+k06e5dcxYRphMMHpC6hnrvyfgZgvepkhx9jK8HOevF1xk/Xa 8MR53fP0wo+2ZXSPJNgkzITFFypHfM2LLxh1/Lm2KnwR58OuX/E1juvOx5FseDrVjcmOL1s/ vtm0s4nlbzCSwrvBfnpsSXmQvseQHcm82Oto78p7YxgUNoxjPkaUkmekDMm8TWwctTummYfM vHzKgKSVCCBNJayRRR6+pw+UG5mnlvUgv96AwK7CUF2pjlwIFKx6cVDDD3M17ZUP6zsPQ+HB 8m0DtQFtAu1mU/OXeNk54jKm4b2A1gXwNnh11e7uPzS5hrjz9znwyTLLw1fJPySYUVMDhuu4 EI+L2Goi1DrhLunQ72YRIKHF3jVjDd6eHenk9Qq44WfuYOE1PSdIKjhS0DfOZgy/C4DWkot/ XfZ40dlaV1eLb/fjWw1/GY3FYZIxxPvFV5tg+Fjn4pqiqy2XvCBrIzMYG0X4u3A4Kvjnblh0 9G/bD8lzx6mUymDvZ/PHk8+mhp9obA+LcmLHt+lkNyR73vT1ZTrQWqrzMTlXN7guFWSOrCOm toWgVu63L9LsFKiUllkctXGhFzaERQT85h6ugovq7Bk0Qf0NBvHcwxgBdUa/uqp9Frcm4gT3 pZFepXY4Q63nL/y3Ay65rouurVPsSUTghuzgRaZ1ePq5Ag0EXXirAQEQANJeW4E1yFJ8RIdH /LUp7ZjLSQZjxLi0J6Jz8q60ZCFOEBh++i0nmYljEHG1HHqvMzv7x7EEg2ZaQmk6l8ZF4CuG oy8xjKLyM1v7k3i/GPwHEmWAKR6VxwBflE4ISL0bwecOuBubemSsQYaHBvydTg/sSkCz2YcF inec4o4Ertu4HCo0c+LlzcWWcb1/O6vUaOGCH0LBXT2btbDMzOgSBTeRCHP/aLIClkjNmvRc mQIszCCriuqlapNWTzIm8WVfD5Ho/ZyrtgeSbqk5I4by9eyAJNDKi05NgR1vY85tQ/hNIN90 8RcVK7OvGrQ9NgJpk3oFeaCkAXbhq5HfAI2tWnj3lrPLa7FP//YoYVY/Teqb+Ehp1CiVkeHf F2yGRsSWa+99Ii3nM3E8CpJu+SS/M1zbQlBgvGT+liXMfvJ/7wzAivTdIsy94uiWbLvrmF6V g6Iwq6d9O+/3j8gvcl0OXvUzNO9Qjb3+dL9hoKZ4GPUN9nYP34KcGLgdeyi0/DeKTLDODbXA scoQ+V96JmJzMW+UXkIyfq27MVyZLnJMtwD9On2/vSaNjXD2imfUbtHU0+7FvET8qzzJUBII IYz0dA5UmQx2/PKqDLh5DWdaWZa1cf6RqQ+FE10ePot+RjTU3ojiYqbzJ9Nm8WazV2ibAMg9 gozAb/oRmp7vzZURc21PABEBAAGJAjYEGAEIACAWIQSRSXEPWID9thbwtih4y6qVpJfFjgUC XXirAQIbDAAKCRB4y6qVpJfFjo9sD/9iqHO8MMaMBhefBJs5imU+TMarHto+OLfsnGTQarqH GfyvCB6LmY0ZP92jXtMe9hx0dt8SrlGOtwsFoqcvSk5L5yaFde1aG2o3a21mlcyMRhljzME9 RgnN61pB/rfg8yjbxNbhBgKjQCO/2fyJIcp9Er2qKmJYGV7UkP3Fl5SHMs6Z9IiDhRQjhpKZ iXRpQUofHggErvV7//j8ALLEReVjfEg049EZ1U5VQosroXzkbSPfpAHjW4d+MdCM38WYC3Ap fk7qY1vZV3YTj/eD7j4b772xMMlUdPm6Vl83sAY/OP5ZFCe/f8HUwaRYm6zwhnRug8tI2g05 N3/yBVbmc047gtXTFuW0ZhHkN26rSl6e+gtfhoh0CigfixHRFI6TWrtF5APVxW+WJ1N990w1 RXXHCn8ZGVJ9u8sglWPSWwK8vVhhbZQVtPUkUegN0Zj7nqHz+5nHtqsF6ddIN65akf+CqArU /iVwvA5gsvid2vyunM88MlUplJBmAXtMEyCpvTyfDTT7jYY15ZpaO3jlHyiagwVhVrxgsw+B N0RmT/zoqKN33zuhSmrxw0+vU+gq2BZLjpjZRnnjeoFwKo3qNWKx7BRTxzOG5eMoGzrvO7dF Xt5QjjOQ4cFtq4ryW8qDfmDd4mLYyMcRO/hOPPq30pW9emtiXFABb8JvwfEusod+mQ==
Message-ID: <0cce3a72-5d35-8da7-f285-20c9840ec095@sidn.nl>
Date: Thu, 30 Apr 2020 12:33:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
In-Reply-To: <CAHPuVdWR6MTsWK0xBBnRj3JkgncORUWptt=VYZW+R-cDO4G1ig@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AM7PR04CA0016.eurprd04.prod.outlook.com (2603:10a6:20b:110::26) To AM0P194MB0257.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:61::31)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.172] (31.21.111.111) by AM7PR04CA0016.eurprd04.prod.outlook.com (2603:10a6:20b:110::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.19 via Frontend Transport; Thu, 30 Apr 2020 10:33:38 +0000
X-Originating-IP: [31.21.111.111]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a5c758ac-d885-468a-98ef-08d7ecf1f21e
X-MS-TrafficTypeDiagnostic: AM0P194MB0275:
X-Microsoft-Antispam-PRVS: <AM0P194MB027518B7E5E683BBAE19BB76F1AA0@AM0P194MB0275.EURP194.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-Forefront-PRVS: 0389EDA07F
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P194MB0257.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39840400004)(366004)(376002)(396003)(136003)(346002)(83080400001)(5660300002)(31686004)(8936002)(966005)(8676002)(26005)(2616005)(956004)(66556008)(66476007)(66946007)(31696002)(52116002)(2906002)(478600001)(36756003)(86362001)(16526019)(186003)(4326008)(316002)(16576012)(6486002)(109986005); DIR:OUT; SFP:1101;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 034XaJZgpHC1ESA4EaGAVRFgQlxzjSw1PDJC6iYj2NUWYbhjDTL8g5U1dqBkJrRjAn0GPwaJuiQRP8GtYUDx4mm5ts2oGmXCWeMNhCxps5uL1kZcY6rdPPV88XWglb2n81GZrhYyK7ZEQiPUtlCyi+9xzVA8yPOjBjp4me90tCsi05tyKOHGlgoui2vE72rRrGl7K40uycv4MFyLYozepi5U7ZilQwLPN2q0vWhtEGOiZC9mwIybetEgGwtqnfPrfKdCOfBmqxsyr3twKOYCodERd4PH3GLnxCjry+i+Piw7900tUIdengf6ObL9hHEsHfhqqZ/T4x/URLaTrzlAFueyqjQ7zlqwtpd4lL+7XCUaeyHpWAupo+2yKUhCgg9N6BHV3UVB++IPgF5FUl12k75rYBXr3A2rx7zHnp8R1oD1cfWvpkp9Kq6mGJNn/H9EjExshq21ReGNLTqIfO45p8Z9m2ogixfGmdK42dUkdN/dtH1UPjiFiUWWlO3yeoQ3ZXDsvWpeALwZvTzHRqaFiQ==
X-MS-Exchange-AntiSpam-MessageData: caL0Hi/3QBIZrdXQtlWvL0tlZKvP2smcCD6HtZtdmevpUprtEXR4ASn4aatBTS5gAsykN1v2LW8ov92C6spxcZro/4hCC8FyI58PrBtiqowrm92ZlQcVBhmSgYr/Iou4kAsPvhgro9gjil8wyzLmVpQeMGxoUABmitfmhl62Gwo4ghRAIyGJyCF2FM8D1DgYQ920RzbhxOont3HhaopB/L1+0XBc+8QdA+kLDJ1p36bnpUBGy9ItEx1YMdHKOjGTOREGCKo69O/BYKgorxbg2CAz5aS9dqEqf4ARRSo78j4GpgVejaJMCFcUVBnfjzFOGxVZN9myk0j6jqxMVSHTOzgn3/gL1qjI9xcgBB5x8NWP0FmjGFQREuq/Ai6d+2C5ERHYVmI9YYthWWdQM6GnF2OCRgDql38BY+Mqjf4e/b69fuEcOh2lqUbLGWJ5YkIyS6pQfULaOnKQUMrOK4ssuk+QMEeBQNDcxaqf7X3kV/21F33JyxHAo0igbB8SzP+1Mn6GxL1j/Ix2AMchsi7vpFCEipOTE0dVvUZ+0j9I49q0sdFEq6iSaVm2Tr6XNhq+DqZir15ee7eVUjGL+vwlOW+tqCndonLOdYZfkVQs1VfswSWsR5ixkZbTcbvuIthUdoq2I8jexl0Kcq/qw8bZ+ROLXcmJ+ScfrchkQjTgybMmT/UeKvwkOT1PysR8zhgCaqS//WkO8/qhgs6GCOTxh2Gqo5mHl0QNK0Djru/VN23vES3I8qS3VrmYo0K342t9OjyvGAZaftTAB86QFHPdWhCTS2x7tyBmxbKqutDk4Fw=
X-OriginatorOrg: sidn.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: a5c758ac-d885-468a-98ef-08d7ecf1f21e
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2020 10:33:39.0708 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ab4d3626-c1c5-4a75-ab85-427f1a644a7d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: DlnbraNulFOqnR4yZ28+WAaxKemy2RmEQyPcwFOuK5Mr+n9tmcjsLRt4u7r6k5WpMwWs/60HtyEsst7g/A9V1w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P194MB0275
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xCQ_-U_NTRU2eg9CV7tQ2vACqqc>
Subject: Re: [DNSOP] New draft on delegation revalidation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2020 10:33:46 -0000

> I meant servers within the child (or parent) NS set had different NS
> sets configured in them, i.e. yet another level of mismatch. Maybe
> that's not worth investigating, but I'm pretty sure I've come across
> such misconfigurations in the past.

Oh now I get it.
We did only with a sample of 1% of .org domains (10k), only looking at
different NSes at the child level. We found 2% of them having
inconsistencies.

See on the last paragraph of section 3 [0]:

"Note that the OpenINTEL platform performs the measurements choosing
one of the child authoritative nameservers. To verify how often sibling
name servers have different configurations (child-child delegation
inconsistency), we execute a measurement on a random sample of ∼ 1% of
.org domains (10k domains). The measurement suggests that ∼ 2% of total
parent-child delegation inconsistency cases also have child-child
delegation inconsistencies, meaning that our results give a lower bound
for the problem of parent-child mismatch. "

/giovane


[0]
https://www.sidnlabs.nl/downloads/53BNt9EPxZQOCHYjqWhYfR/7295d79a207afc79cab6309d40a15a76/When_parents_and_children_disagree_Diving_into_DNS_delegation_inconsistency.pdf